“As the goal of DDoS attacks is causing service outages rather than stealing funds or data, typical network security controls – such as firewalls and intrusion detection and prevention systems – may offer inadequate protection,” NCUA Chairman Debbie Matz said in the bulletin, which is posted on the regulator’s website.

However, the NCUA also said in the risk alert that DDoS attacks may also be paired with attempts to steal member funds or data.

Credit unions significantly affected by DDoS or other cyber attacks should notify their NCUA regional office or state supervisory authority, and when applicable, follow regulatory notification proceduresm, the agency said.

Credit unions should voluntarily file a Suspicious Activity Report if an attack impacts Internet service delivery, enables fraud, or compromises member information, the NCUA said. The NCUA also encouraged credit unions to participate in information-sharing organizations, such as industry trade groups and the Financial Services Information Sharing and Analysis Center.

In addition, the NCUA said the United States Computer Emergency Readiness Team provides information on the methods used to launch attacks and risk mitigation tactics to reduce their impact.